1

I want to give some of my clients the ability to write files via SFTP, which later I can read from my main server.

Since I'm using EC2, to do so I simply opened an Elastic File System (EFS) and mounted it on two servers: on my main server, which is what I want to protect, and on a new micro server which I don't care about and is used to allow SFTP via username and password. The micro server allows SSH connections without keys.

Now assuming the following:

  1. I have nothing of importance on the micro server.
  2. I never execute files that I read from the EFS on my main server; it's only data files.
  3. I don't care if different clients override each other's files.

Are there any threats I should worry about? Any possible known attacks?

For example, let's say a malicious user somehow takes over the micro server completely and has root privileges; can he somehow penetrate the main server via the EFS? Is there any secret data that Amazon puts on my instance that he can steal (like my account ID, keys, etc.)?

If I mess up completely and someone takes over the micro sftp server - is my main server still safe?

PwdRsch
Ronen Ness

1 Answer

3

It depends on the configuration of your network and servers.

If your main server doesn't have a route to the internet then you may be providing a bastion that can launch an attack from the micro to the main server. If the main server does have a public IP that doesn't apply.

I would put the two servers on different subnets, or perhaps even in separate VPCs. That would prevent the micro server attacking the main server - if you can't access, you can't attack. You'd want to make sure users who can log into the micro server don't have accounts on the main server - that means using different certificates.

I'd avoid giving the main server a public IP. Put it behind an Elastic Load Balancer (ELB), which as well as balancing load provides protection against many threats, including layer 4 and layer 7 attacks - including DDoS. You can use the AWS WAF for additional protection. ELB includes AWS Shield.

Assuming your micro server can't access your main server, the question comes down to whether EFS provides another means to attack the main server. EFS is just a hosted NFS share where you're billed for usage.

I personally don't see any way EFS could be used to attack the main server. That's not to say there isn't a way, just that I can't see one.

Tim
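The question's second assumption (the main server only ever reads data files from the share) can be enforced by the code that does the reading. The following Python reader is an added example, not part of the original question or answer: it treats every entry on the shared mount as untrusted data, never follows symlinks, and accepts only regular files under a size cap. The names `read_shared_file` and `demo`, the sample file names and the 10 MiB default cap are assumptions made for illustration.

```python
import os
import stat
import tempfile


class UntrustedFileError(Exception):
    """An entry on the shared mount is not acceptable as plain data."""


def read_shared_file(share_root, name, max_bytes=10 * 1024 * 1024):
    """Return the bytes of one upload (max_bytes is an assumed cap)."""
    # Bare file names only, so a name cannot point outside the share.
    if name in ("", ".", "..") or "/" in name or "\x00" in name:
        raise UntrustedFileError(f"bad name: {name!r}")
    # O_NOFOLLOW refuses a symlink; O_NONBLOCK keeps open() from hanging on a FIFO.
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK
    try:
        fd = os.open(os.path.join(share_root, name), flags)
    except OSError as exc:
        raise UntrustedFileError(f"cannot open {name!r}: {exc}") from exc
    try:
        # Check the open descriptor, not the path, so a swapped entry is caught.
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise UntrustedFileError(f"not a regular file: {name!r}")
        # Read one byte past the cap: the file can grow after any stat.
        with open(fd, "rb", closefd=False) as fh:
            data = fh.read(max_bytes + 1)
    finally:
        os.close(fd)
    if len(data) > max_bytes:
        raise UntrustedFileError(f"larger than {max_bytes} bytes: {name!r}")
    return data


def demo():
    """Run the reader over a constructed share and report each outcome."""
    out = {}
    with tempfile.TemporaryDirectory() as share:
        with open(os.path.join(share, "ok.csv"), "wb") as fh:
            fh.write(b"id,amount\n1,10\n")
        os.symlink("ok.csv", os.path.join(share, "link.csv"))
        os.mkfifo(os.path.join(share, "pipe.csv"))
        for name in ("ok.csv", "link.csv", "pipe.csv", "../ok.csv"):
            try:
                out[name] = read_shared_file(share, name)
            except UntrustedFileError:
                out[name] = "rejected"
    return out
```

Parsing the returned bytes is a separate step, and the parser should be as strict about the content as this reader is about the file type.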